[英]“Conversion from string ”insert into agent values(“ to type 'Double' is not valid.” in vb.net
Private Sub recruit_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles recruit.Click
Dim query3 As String
Dim n As Integer
Dim query2 As String = "select max(stag) from agent"
con.ConnectionString = ("Data Source=DESKTOP-CTN5IJ3\SQLEXPRESS;Integrated Security=True")
Dim autono As New SqlCommand(query2, con)
con.Open()
If IsDBNull(autono.ExecuteScalar) Then
n = 7
Else
n = autono.ExecuteScalar + 5
End If
con.Close()
query3 = "insert into agent values(" + n + ",'" + ncrypt(txtssn.Text) + "','" + ncrypt(txtname.Text) + "','" + ncrypt(txtadd.Text) + "',0,0,'newbpwd')"
Dim save As New SqlCommand(query3, con)
con.Open()
save.ExecuteNonQuery()
con.Close()
End Sub
//query3 = "插入代理值(" + n + ",'" + ncrypt(txtssn.Text) + "','" + ncrypt(txtname.Text) + "','" + ncrypt(txtadd.Text) ) + "',0,0,'newbpwd')" 這就是所謂的問題所在
您的主要問題是您使用了錯誤的字符串連接運算符。 使用&代替+ 。
另一種方法是使用字符串插值
Dim n As Integer = 101
Dim query = $"INSERT INTO table VALUES ({n})"
但是,如果您從一開始就正確使用SqlParameters將值傳遞給 sql 查詢 - 您根本不需要連接字符串。
通過使用SqlParameter您可以保護您的當前代碼免受可能的 Sql 注入。
Private Sub recruit_Click(sender As Object, e As EventArgs) Handles recruit.Click
Dim connectionString = _
"Data Source=DESKTOP-CTN5IJ3\SQLEXPRESS;Integrated Security=True"
Dim newId As Integer = 7
Using connection As New SqlConnection(connectionString)
Dim query As String = "select max(stag) from agent"
Using command As New SqlCommand(query, connection)
connection.Open()
Dim result = command.ExecuteScalar()
If result IsNot DbNull.Value Then
newId = DirectCast(result, Integer) + 5
End If
End Using
End Using
Using connection As New SqlConnection(connectionString)
Dim query As String = _
"insert into agent values (@Id, @SSN, @Name, @Add, 0, 0, 'newbpwd')"
Using command As New SqlCommand(query, connection)
Dim parameters As New List(Of SqlParameter) From
{
New SqlParameter With { .ParameterName = "@Id", .SqlDbType = SqlDbType.Int, .Value = newId },
New SqlParameter With { .ParameterName = "@SSN", .SqlDbType = SqlDbType.VarChar, .Value = ncrypt(txtssn.Text)},
New SqlParameter With { .ParameterName = "@Name", .SqlDbType = SqlDbType.VarChar, .Value = ncrypt(txtname.Text)},
New SqlParameter With { .ParameterName = "@Add", .SqlDbType = SqlDbType.VarChar, .Value = ncrypt(txtadd.Text)},
}
command.Parameters.AddRange(parameters)
connection.Open()
command.ExecuteNonQuery()
End Using
End Using
End Sub
在 vb 中,您使用“&”符號而不是“+”來連接字符串
我的方法是在將整數插入表之前將其轉換為字符串,它對我有用。 例如:
Dim n As Integer = 33
Dim s As String = n.ToString
從字符串“FROM 子句中的語法錯誤”轉換。 輸入 'Boolean' 無效。 VB10 中的錯誤
[英]Conversion from string "Syntax error in FROM clause." to type 'Boolean' is not valid. error in VB10
我為庫存管理項目開發。 但顯示從字符串“更新產品集數量可用”到類型“雙精度”的轉換無效。
[英]am develop for stock management project. but it show for Conversion from string “update product set quantityavail” to type 'Double' is not valid.
從vb.net傳遞到SQL Server時將字符串轉換為日期類型
[英]Conversion of string to date type while passing from vb.net to sql server
從字符串“”到類型“ Integer”的轉換無效-使用VB的ASP.net
[英]Conversion from string “” to type 'Integer' is not valid - ASP.net using VB
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.